package org.ametys.plugins.core.impl.user.directory;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.Name;
import javax.naming.NameParser;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.SortControl;
import org.ametys.core.datasource.ConnectionHelper;
import org.ametys.core.user.User;
import org.ametys.core.user.directory.UserDirectory;
import org.ametys.core.util.ldap.AbstractLDAPConnector;
import org.ametys.core.util.ldap.ScopeEnumerator;
import org.ametys.plugins.core.impl.user.LdapUserIdentity;
import org.apache.avalon.framework.component.Component;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:org/ametys/plugins/core/impl/user/directory/LdapUserDirectory.class */
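/**
 * {@link UserDirectory} backed by an LDAP server.
 *
 * <p>Users are read with JNDI searches under {@link #_usersRelativeDN}, and a password is
 * verified by opening a new directory context bound as the user (simple bind).
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>Caller-supplied values (login, search pattern) are never concatenated into a filter.
 *       They are passed as JNDI filter arguments ({@code {0}}, {@code {1}}, ...), which JNDI
 *       escapes according to RFC 2254 before substitution.</li>
 *   <li>The object filter and the attribute names <em>are</em> concatenated into filters
 *       unescaped. They come from the directory's parameter map, so that map must only be
 *       writable by trusted administrators.</li>
 *   <li>{@link #checkCredentials(String, String)} refuses empty passwords before any bind is
 *       attempted.</li>
 * </ul>
 */
public class LdapUserDirectory extends AbstractLDAPConnector<String, User> implements UserDirectory, Component {
    /** Parameter key: id of the LDAP datasource, handed to {@code _delayedInitialize}. */
    public static final String PARAM_DATASOURCE_ID = "runtime.users.ldap.datasource";
    /** Parameter key: DN, relative to the connection base, under which users are searched. */
    public static final String PARAM_USERS_RELATIVE_DN = "runtime.users.ldap.peopleDN";
    /** Parameter key: LDAP filter fragment that every user search is AND-ed with. */
    public static final String PARAM_USERS_OBJECT_FILTER = "runtime.users.ldap.baseFilter";
    /** Parameter key: search scope, parsed by {@link ScopeEnumerator#parseScope(String)}. */
    public static final String PARAM_USERS_SEARCH_SCOPE = "runtime.users.ldap.scope";
    /** Parameter key: name of the attribute holding the login. */
    public static final String PARAM_USERS_LOGIN_ATTRIBUTE = "runtime.users.ldap.loginAttr";
    /** Parameter key: name of the attribute holding the first name (optional). */
    public static final String PARAM_USERS_FIRSTNAME_ATTRIBUTE = "runtime.users.ldap.firstnameAttr";
    /** Parameter key: name of the attribute holding the last name. */
    public static final String PARAM_USERS_LASTNAME_ATTRIBUTE = "runtime.users.ldap.lastnameAttr";
    /** Parameter key: name of the attribute holding the e-mail address. */
    public static final String PARAM_USERS_EMAIL_ATTRIBUTE = "runtime.users.ldap.emailAttr";
    /** Parameter key: whether entries without an e-mail attribute are rejected. */
    public static final String PARAM_USERS_EMAIL_IS_MANDATORY = "runtime.users.ldap.emailMandatory";
    /** Parameter key: whether paged listings ask the server to sort the results. */
    public static final String PARAM_SERVER_SIDE_SORTING = "runtime.users.ldap.serverSideSorting";

    /** Search base for users. */
    protected String _usersRelativeDN;
    /** Filter fragment concatenated into every search filter; configuration-supplied, not escaped. */
    protected String _usersObjectFilter;
    /** {@link SearchControls} scope value used for every user search. */
    protected int _usersSearchScope;
    /** Attribute name of the login; configuration-supplied, concatenated into filters unescaped. */
    protected String _usersLoginAttribute;
    /** Attribute name of the first name, or {@code null} when none is configured. */
    protected String _usersFirstnameAttribute;
    /** Attribute name of the last name. */
    protected String _usersLastnameAttribute;
    /** Attribute name of the e-mail address. */
    protected String _usersEmailAttribute;
    /** When {@code true}, an entry without the e-mail attribute is skipped. */
    protected boolean _userEmailIsMandatory;
    /** When {@code true}, paged listings attach a server-side sort control. */
    protected boolean _serverSideSorting;
    /** Page size passed to {@code _search} when listing all users. */
    protected int _pageSize;

    private String _udModelId;
    private Map<String, Object> _paramValues;
    private String _populationId;
    private String _label;
    private String _id;

    @Override
    public String getId() {
        return this._id;
    }

    @Override
    public String getLabel() {
        return this._label;
    }

    /**
     * Configures this directory from its parameter map and initializes the LDAP datasource.
     *
     * @param str  id of this directory (returned by {@link #getId()})
     * @param str2 id of the user directory model (returned by {@link #getUserDirectoryModelId()})
     * @param map  parameter values keyed by the {@code PARAM_*} constants; kept by reference and
     *             returned as-is by {@link #getParameterValues()}
     * @param str3 label of this directory (returned by {@link #getLabel()})
     * @throws Exception declared by the interface; a {@link NullPointerException} is raised when
     *                   {@code map} lacks one of the two boolean parameters
     */
    @Override
    public void init(String str, String str2, Map<String, Object> map, String str3) throws Exception {
        this._id = str;
        this._udModelId = str2;
        this._paramValues = map;
        this._label = str3;
        this._usersRelativeDN = (String) map.get(PARAM_USERS_RELATIVE_DN);
        this._usersObjectFilter = (String) map.get(PARAM_USERS_OBJECT_FILTER);
        this._usersSearchScope = ScopeEnumerator.parseScope((String) map.get(PARAM_USERS_SEARCH_SCOPE));
        this._usersLoginAttribute = (String) map.get(PARAM_USERS_LOGIN_ATTRIBUTE);
        this._usersFirstnameAttribute = (String) map.get(PARAM_USERS_FIRSTNAME_ATTRIBUTE);
        // The first name is optional: an empty value is normalized to null so that the rest of
        // the class only has to test for null. The other attribute names are not normalized.
        if (this._usersFirstnameAttribute != null && this._usersFirstnameAttribute.length() == 0) {
            this._usersFirstnameAttribute = null;
        }
        this._usersLastnameAttribute = (String) map.get(PARAM_USERS_LASTNAME_ATTRIBUTE);
        this._usersEmailAttribute = (String) map.get(PARAM_USERS_EMAIL_ATTRIBUTE);
        // Unboxing: both values must be present as Boolean, otherwise init fails here.
        this._userEmailIsMandatory = ((Boolean) map.get(PARAM_USERS_EMAIL_IS_MANDATORY)).booleanValue();
        this._serverSideSorting = ((Boolean) map.get(PARAM_SERVER_SIDE_SORTING)).booleanValue();
        _delayedInitialize((String) map.get(PARAM_DATASOURCE_ID));
        this._pageSize = 500;
    }

    @Override
    public void setPopulationId(String str) {
        this._populationId = str;
    }

    @Override
    public String getPopulationId() {
        return this._populationId;
    }

    /**
     * Returns the parameter map received by {@link #init}.
     *
     * @return the same map instance that was passed to {@code init} (no copy is made)
     */
    @Override
    public Map<String, Object> getParameterValues() {
        return this._paramValues;
    }

    @Override
    public String getUserDirectoryModelId() {
        return this._udModelId;
    }

    /**
     * Lists every user matching the configured object filter.
     *
     * <p>Entries for which {@link #_getAttributes(SearchResult)} returns {@code null} (a required
     * attribute is missing) are skipped. Each user built is also put in the cache when the cache
     * is enabled.
     *
     * @return the users read so far; errors are logged and the (possibly partial or empty) list
     *         is still returned
     */
    @Override
    public Collection<User> getUsers() {
        List<User> users = new ArrayList<>();
        try {
            Iterator<SearchResult> results = _search(this._pageSize, this._usersRelativeDN, this._usersObjectFilter, _getSearchConstraint(0)).iterator();
            while (results.hasNext()) {
                Map<String, Object> attributes = _getAttributes(results.next());
                if (attributes == null) {
                    continue;
                }
                User user = _createUser(attributes);
                if (isCacheEnabled()) {
                    addObjectInCache(user.getIdentity().getLogin(), user);
                }
                users.add(user);
            }
        } catch (IllegalArgumentException e) {
            getLogger().error("Error missing at least one attribute or attribute value", e);
        } catch (NamingException e) {
            getLogger().error("Error of communication with ldap server", e);
        }
        return users;
    }

    /**
     * Lists a window of users, optionally restricted by a search pattern.
     *
     * @param i   maximum number of users to return; {@code 0} returns an empty list and
     *            {@code -1} is treated as "no limit" by {@link #_internalGetUsers}
     * @param i2  number of leading results to skip; negative values are treated as {@code 0}
     * @param map search parameters; only the {@code "pattern"} entry is read, and an empty
     *            pattern is treated as no pattern
     * @return the matching users, or an empty list on error
     */
    @Override
    public List<User> getUsers(int i, int i2, Map<String, Object> map) {
        String pattern = (String) map.get("pattern");
        if (StringUtils.isEmpty(pattern)) {
            pattern = null;
        }
        if (i == 0) {
            return new ArrayList<>();
        }
        Map<String, Map<String, Object>> entries = new LinkedHashMap<>();
        return _internalGetUsers(entries, i, Math.max(i2, 0), pattern, 0);
    }

    /**
     * Looks up a single user by login.
     *
     * <p>The login is passed as filter argument {@code {0}}, so JNDI escapes it before it reaches
     * the filter. In addition, a returned entry is only accepted when its login attribute equals
     * {@code str} exactly ({@link StringUtils#equals}, case-sensitive), which rejects entries the
     * server matched under a looser rule. If two accepted entries are found the lookup is treated
     * as ambiguous and no user is returned.
     *
     * @param str the login to look up
     * @return the user, or {@code null} when there is no match, the match is ambiguous, or an
     *         error occurred (errors are logged, not thrown)
     */
    @Override
    public User getUser(String str) {
        if (isCacheEnabled()) {
            User cached = getObjectFromCache(str);
            if (cached != null) {
                return cached;
            }
        }
        User user = null;
        DirContext context = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            Hashtable<String, String> env = _getContextEnv();
            if (!this._ldapFollowReferrals) {
                // Make JNDI raise an exception on a referral instead of following it.
                env.put(Context.REFERRAL, "throw");
            }
            context = new InitialDirContext(env);
            results = context.search(this._usersRelativeDN, "(&" + this._usersObjectFilter + "(" + this._usersLoginAttribute + "={0}))", new Object[]{str}, _getSearchConstraint(0));
            while (results.hasMore()) {
                Map<String, Object> attributes = _getAttributes(results.next());
                if (attributes == null || !StringUtils.equals(str, (String) attributes.get(this._usersLoginAttribute))) {
                    continue;
                }
                if (user != null) {
                    // Second exact match: refuse to pick one of them.
                    user = null;
                    getLogger().error("Multiple matches for attribute '{}' and value = '{}'", this._usersLoginAttribute, str);
                    break;
                }
                user = _createUser(attributes);
            }
            // Only reached when the search completed without an exception. The value cached
            // here is null when no entry matched or the match was ambiguous.
            if (isCacheEnabled()) {
                addObjectInCache(str, user);
            }
        } catch (PartialResultException e) {
            // Must be caught before NamingException (its superclass), otherwise this branch can
            // never run. A user found before the exception is still returned, but not cached.
            if (this._ldapFollowReferrals) {
                // Fix: String.format does not expand '{}', so the login was never included.
                getLogger().debug(String.format("Error communicating with ldap server retrieving user with login '%s'", str), e);
            } else {
                getLogger().error("Error communicating with ldap server retrieving user with login '" + str + "'", e);
            }
        } catch (NamingException e) {
            // NOTE(review): str is caller-supplied and is written to the log as-is.
            getLogger().error("Error communicating with ldap server retrieving user with login '" + str + "'", e);
        } catch (IllegalArgumentException e) {
            getLogger().error("Error missing at least one attribute or attribute value for login '" + str + "'", e);
        } finally {
            _cleanup(context, results);
        }
        return user;
    }

    /**
     * Verifies a password by binding to the directory as the user.
     *
     * <p>The empty-password check is a security control, not a convenience: a simple bind that
     * carries a DN and a zero-length password is an "unauthenticated bind" (RFC 4513, section
     * 5.1.2), which a server may accept without checking any secret. It must stay in front of
     * the bind.
     *
     * <p>The password is placed in the JNDI environment as a {@code String} and sent in the bind
     * request; whether the connection is encrypted depends on the environment returned by
     * {@code _getContextEnv()}, which is not visible in this class.
     *
     * @param str  the login
     * @param str2 the password
     * @return {@code true} only when the bind succeeded; {@code false} for an empty password, an
     *         unknown or ambiguous login, a rejected bind, or a communication error
     */
    @Override
    public boolean checkCredentials(String str, String str2) {
        if (StringUtils.isEmpty(str2)) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("LDAP Authentication failed since no password (or an empty one) was given");
            }
            return false;
        }
        // NOTE(review): unlike getUser, this DN lookup does not re-check the returned login
        // value against str with an exact comparison; confirm the two paths are meant to differ.
        String userDN = getUserDN(str);
        if (userDN == null) {
            return false;
        }
        Hashtable<String, String> env = _getContextEnv();
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDN);
        env.put(Context.SECURITY_CREDENTIALS, str2);
        Context context = null;
        try {
            // Creating the context performs the bind; success is the proof of the password.
            context = new InitialDirContext(env);
            return true;
        } catch (AuthenticationException e) {
            getLogger().info("Authentication failed", e);
            return false;
        } catch (NamingException e) {
            getLogger().error("Error communication with ldap server", e);
            return false;
        } finally {
            _cleanup(context, null);
        }
    }

    /**
     * Resolves a login to the distinguished name used for the bind in
     * {@link #checkCredentials(String, String)}.
     *
     * @param str the login, passed as an escaped filter argument
     * @return the DN of the single matching entry, or {@code null} when there is no match, more
     *         than one match, or an error occurred
     */
    public String getUserDN(String str) {
        String userDN = null;
        DirContext context = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            context = new InitialDirContext(_getContextEnv());
            SearchControls controls = new SearchControls();
            controls.setSearchScope(this._usersSearchScope);
            // Only the entry name is needed, so no attribute is requested.
            controls.setReturningAttributes(new String[0]);
            results = context.search(this._usersRelativeDN, "(&" + this._usersObjectFilter + "(" + this._usersLoginAttribute + "={0}))", new Object[]{str}, controls);
            if (results.hasMore()) {
                SearchResult match = results.next();
                userDN = match.getName();
                if (match.isRelative()) {
                    // Rebuild the full DN: context base + users search base + relative name.
                    NameParser parser = context.getNameParser(ConnectionHelper.DATABASE_UNKNOWN);
                    Name fullName = parser.parse(context.getNameInNamespace());
                    fullName.addAll(parser.parse(this._usersRelativeDN));
                    fullName.addAll(parser.parse(userDN));
                    userDN = fullName.toString();
                }
                // NOTE(review): hasMoreElements() is the Enumeration method and cannot report a
                // NamingException; how a failure while fetching the next entry surfaces here is
                // provider-specific. Confirm it cannot hide a second match.
                if (results.hasMoreElements()) {
                    userDN = null;
                    getLogger().error("Multiple matches for attribute \"{}\" and value = \"{}\"", this._usersLoginAttribute, str);
                }
            }
        } catch (NamingException e) {
            // Fail closed: if building the full DN failed part-way, do not hand a half-built
            // (relative) name to the caller as if it were the user's DN.
            userDN = null;
            getLogger().error("Error communicating with ldap server retrieving user with login '" + str + "'", e);
        } finally {
            _cleanup(context, results);
        }
        return userDN;
    }

    /**
     * Builds a {@link User} from an attribute map produced by {@link #_getAttributes}.
     *
     * @param map attribute values keyed by attribute name, plus the entry DN under
     *            {@code "userDN"}; may be {@code null}
     * @return the user, or {@code null} when {@code map} is {@code null}
     */
    protected User _createUser(Map<String, Object> map) {
        if (map == null) {
            return null;
        }
        String login = (String) map.get(this._usersLoginAttribute);
        String userDN = (String) map.get("userDN");
        String lastName = (String) map.get(this._usersLastnameAttribute);
        String firstName = this._usersFirstnameAttribute != null ? (String) map.get(this._usersFirstnameAttribute) : null;
        String email = (String) map.get(this._usersEmailAttribute);
        return new User(new LdapUserIdentity(login, this._populationId, userDN), lastName, firstName, email, this);
    }

    /**
     * Runs one paged search and delegates the result handling to {@code _users}.
     *
     * @param map accumulator of accepted entries keyed by login; filled in place
     * @param i   maximum number of users wanted, or {@code -1} for no limit
     * @param i2  number of leading results to skip
     * @param str search pattern, or {@code null} for none
     * @param i3  extra results to request on top of {@code i + i2}, used when an earlier round
     *            lost results to rejected entries
     * @return the users collected, or an empty list when an error occurred (errors are logged)
     */
    protected List<User> _internalGetUsers(Map<String, Map<String, Object>> map, int i, int i2, String str, int i3) {
        LdapContext context = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            context = new InitialLdapContext(_getContextEnv(), (Control[]) null);
            if (this._serverSideSorting) {
                context.setRequestControls(_getSortControls());
            }
            Map<String, Object> patternFilter = _getPatternFilter(str);
            // A count limit of 0 means "no limit" (see _getSearchConstraint).
            int countLimit = i == -1 ? 0 : i + i2 + i3;
            results = context.search(this._usersRelativeDN, (String) patternFilter.get("filter"), (Object[]) patternFilter.get("params"), _getSearchConstraint(countLimit));
            return _users(map, i, i2, str, results, i3);
        } catch (IllegalArgumentException e) {
            getLogger().error("Error missing at least one attribute or value", e);
            return new ArrayList<>();
        } catch (NamingException e) {
            getLogger().error("Error during the communication with ldap server", e);
            return new ArrayList<>();
        } finally {
            _cleanup(context, results);
        }
    }

    /**
     * Skips {@code i2} results, then collects entries into {@code map} until {@code i} are held
     * or the results run out. When the search hit its count limit before enough entries were
     * accepted, the search is run again with a larger limit.
     *
     * @param map               accumulator of accepted entries keyed by login
     * @param i                 maximum number of users wanted, or {@code -1} for no limit
     * @param i2                number of leading results to skip
     * @param str               search pattern, only forwarded to the follow-up search
     * @param namingEnumeration results of the current search
     * @param i3                extra results that were requested for the current search
     * @return the users built from the accumulated entries, in insertion order of {@code map}
     */
    private List<User> _users(Map<String, Map<String, Object>> map, int i, int i2, String str, NamingEnumeration<SearchResult> namingEnumeration, int i3) {
        int consumed = 0;
        boolean hasMore = namingEnumeration.hasMoreElements();
        // Skip the offset.
        while (consumed < i2 && hasMore) {
            consumed++;
            namingEnumeration.nextElement();
            hasMore = namingEnumeration.hasMoreElements();
        }
        // Fix: the loop condition belongs in the loop header. As an `if` inside `while (true)`
        // with no exit, the loop could never terminate and the code below was unreachable.
        while ((i == -1 || map.size() < i) && hasMore) {
            consumed++;
            Map<String, Object> attributes = _getAttributes(namingEnumeration.nextElement());
            if (attributes != null) {
                map.put((String) attributes.get(this._usersLoginAttribute), attributes);
            }
            hasMore = namingEnumeration.hasMoreElements();
        }
        // Every requested result was consumed and some were rejected: ask again for more.
        if (map.size() < i && consumed == i + i2 + i3) {
            double missing = (i + i3) - map.size();
            int extra = Math.max((i3 + i) - map.size(), (int) Math.ceil(((missing / (i3 + i)) + 1.0d) * missing));
            return _internalGetUsers(map, i, i2, str, extra);
        }
        List<User> users = new ArrayList<>(map.size());
        for (Map<String, Object> attributes : map.values()) {
            users.add(_createUser(attributes));
        }
        return users;
    }

    /**
     * Builds the request controls asking the server to sort by last name, then first name.
     *
     * @return a single non-critical sort control, or an empty array when it cannot be encoded
     */
    protected Control[] _getSortControls() {
        // Fix: the first name attribute is optional; do not hand a null sort key to SortControl.
        String[] sortKeys = this._usersFirstnameAttribute == null
                ? new String[]{this._usersLastnameAttribute}
                : new String[]{this._usersLastnameAttribute, this._usersFirstnameAttribute};
        try {
            return new Control[]{new SortControl(sortKeys, Control.NONCRITICAL)};
        } catch (IOException e) {
            getLogger().warn("Cannot sort request on LDAP", e);
            return new Control[0];
        }
    }

    /**
     * Builds the filter expression and its arguments for a pattern search.
     *
     * <p>The pattern itself never appears in the filter text: it is returned under
     * {@code "params"} and referenced as {@code {0}}, {@code {1}}, ... so that JNDI escapes it
     * (RFC 2254) when the search is executed. The {@code *} wildcards around each placeholder
     * are part of the filter text, so the pattern is matched as a substring.
     *
     * @param str the pattern, or {@code null} to search with the object filter alone
     * @return a map with {@code "filter"} (a {@code String}) and {@code "params"} (an
     *         {@code Object[]})
     */
    protected Map<String, Object> _getPatternFilter(String str) {
        Map<String, Object> result = new HashMap<>();
        if (str == null) {
            result.put("filter", this._usersObjectFilter);
            result.put("params", new Object[0]);
            return result;
        }
        // Attribute names and the object filter are configuration values, concatenated as-is.
        StringBuilder filter = new StringBuilder("(&" + this._usersObjectFilter + "(|(");
        Object[] params;
        filter.append(this._usersLoginAttribute).append("=*{0}*)(");
        if (this._usersFirstnameAttribute == null) {
            filter.append(this._usersLastnameAttribute).append("=*{1}*)))");
            params = new Object[]{str, str};
        } else {
            filter.append(this._usersFirstnameAttribute).append("=*{1}*)(");
            filter.append(this._usersLastnameAttribute).append("=*{2}*)))");
            params = new Object[]{str, str, str};
        }
        result.put("filter", filter.toString());
        result.put("params", params);
        return result;
    }

    /**
     * Builds the search controls shared by the user searches.
     *
     * @param i maximum number of entries to return; values {@code <= 0} leave the count limit
     *          at its default
     * @return controls requesting the login, first name (when configured), last name and e-mail
     *         attributes within the configured scope
     */
    protected SearchControls _getSearchConstraint(int i) {
        // Fix: the index arithmetic left a null slot and never requested the first name when
        // one was configured. Build the list in order instead.
        List<String> returned = new ArrayList<>(4);
        returned.add(this._usersLoginAttribute);
        if (this._usersFirstnameAttribute != null) {
            returned.add(this._usersFirstnameAttribute);
        }
        returned.add(this._usersLastnameAttribute);
        returned.add(this._usersEmailAttribute);

        SearchControls controls = new SearchControls();
        controls.setReturningAttributes(returned.toArray(new String[0]));
        controls.setSearchScope(this._usersSearchScope);
        if (i > 0) {
            controls.setCountLimit(i);
        }
        return controls;
    }

    /**
     * Builds a user from an attribute map.
     *
     * @param map attribute values, see {@link #_createUser(Map)}
     * @return the user, or {@code null} when {@code map} is {@code null}
     * @deprecated use {@link #_createUser(Map)}, which this method delegates to
     */
    @Deprecated
    protected User _entry2User(Map<String, Object> map) {
        return _createUser(map);
    }

    /**
     * Extracts the attributes of one search result into a map.
     *
     * <p>The map holds the entry DN under {@code "userDN"} and the first value of each configured
     * attribute under the attribute's name. A missing e-mail is replaced by
     * {@code ConnectionHelper.DATABASE_UNKNOWN} when e-mail is not mandatory (presumably the
     * empty string; confirm against that constant).
     *
     * @param searchResult the entry to read
     * @return the attribute map, or {@code null} when the login, first name (if configured),
     *         last name or mandatory e-mail attribute is missing (a warning is logged)
     * @throws IllegalArgumentException when reading an attribute value fails
     */
    protected Map<String, Object> _getAttributes(SearchResult searchResult) {
        try {
            Map<String, Object> values = new HashMap<>();
            Attributes attributes = searchResult.getAttributes();
            values.put("userDN", searchResult.getNameInNamespace());

            Attribute login = attributes.get(this._usersLoginAttribute);
            if (login == null) {
                getLogger().warn("Missing login attribute : '{}'", this._usersLoginAttribute);
                return null;
            }
            values.put(this._usersLoginAttribute, login.get());

            if (this._usersFirstnameAttribute != null) {
                Attribute firstName = attributes.get(this._usersFirstnameAttribute);
                if (firstName == null) {
                    getLogger().warn("Missing firstname attribute : '{}', for user '{}'.", this._usersFirstnameAttribute, values.get(this._usersLoginAttribute));
                    return null;
                }
                values.put(this._usersFirstnameAttribute, firstName.get());
            }

            Attribute lastName = attributes.get(this._usersLastnameAttribute);
            if (lastName == null) {
                getLogger().warn("Missing lastname attribute : '{}', for user '{}'.", this._usersLastnameAttribute, values.get(this._usersLoginAttribute));
                return null;
            }
            values.put(this._usersLastnameAttribute, lastName.get());

            Attribute email = attributes.get(this._usersEmailAttribute);
            if (email == null && this._userEmailIsMandatory) {
                getLogger().warn("Missing email attribute : '{}', for user '{}'.", this._usersEmailAttribute, values.get(this._usersLoginAttribute));
                return null;
            }
            values.put(this._usersEmailAttribute, email == null ? ConnectionHelper.DATABASE_UNKNOWN : email.get());
            return values;
        } catch (NamingException e) {
            throw new IllegalArgumentException("Missing at least one value for an attribute in an ldap entry", e);
        }
    }
}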
